Google releases an emergency Chrome update against a zero-day exploit
Chrome has seen plenty of hacks and exploits in its day. And who is to say that is the end of it?
Earlier this month, we learned about a Chrome zero-day that state-sponsored hackers based in North Korea were able to exploit. The group did so before a patch was rolled out in mid-February.
The hackers were able to work their way in by compromising real websites and spoofing them under similar domain names.
Unfortunately, there is now another Chrome zero-day, the second such attack this year. Google, however, has been quick to roll out an emergency update to fix it.
Chrome update release for zero-day exploit
On Friday, tech giant Google released a Chrome update that fixes a high-severity zero-day in the browser. Chrome 99.0.4844.84 for Windows, Mac, and Linux is already in the stable channel and available to users.
According to a Chrome Releases blog post, the release contains one security fix. It addresses the zero-day CVE-2022-1096, which was first reported to the company on March 23 through an anonymous tip.
“Google is aware that an exploit for CVE-2022-1096 exists in the wild,” explains Google.
The zero-day is a flaw in Chrome’s JavaScript engine. Flaws of this kind normally lead only to browser crashes when they are successfully exploited, through reading or writing memory outside buffer bounds.
But hackers can also exploit this flaw to insert their own code into the browser. That is exactly the kind of thing hackers love to use against unsuspecting victims, and it is the most common too.
You may ask how the attacks are being performed at this point. Google is mum about it and has provided no information beyond admitting that the zero-day flaw exists and that hackers are already exploiting it.
Google says it is keeping some data from the public as a safety measure, and that full details of how the attacks worked will not be released until most users have the update that fixes the flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google explains. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
The good news is that Google was able to issue a patch before the exploit became widely known. The company has urged all users to update their Chrome browsers to the latest version, 99.0.4844.84, as soon as possible.
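For administrators checking a fleet against the fixed build named above, the following is an added example, not code from Google or from this article. It assumes version strings in the form printed by `google-chrome --version`; the hostnames and the builds other than 99.0.4844.84 are constructed sample data. It compares versions numerically, because a plain string comparison would rank 100.x below 99.x and 4844.9 above 4844.84.

```python
import re

# Fixed build named in the article (Windows, Mac, Linux stable channel).
FIXED = (99, 0, 4844, 84)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract the four-part version from text such as the output of
    `google-chrome --version`; return None if no version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, fixed=FIXED):
    """True if the reported build is older than the fixed build.
    Unparseable input is flagged too (fail closed), so a host whose
    version could not be collected is not silently treated as patched."""
    v = parse_chrome_version(text)
    return v is None or v < fixed


def triage(inventory):
    """Take {hostname: version string}; return sorted hosts to patch."""
    return sorted(h for h, s in inventory.items() if needs_update(s))


# Constructed sample inventory (hostnames and builds are illustrative).
SAMPLE = {
    "ws-01": "Google Chrome 99.0.4844.84 ",   # already on the fixed build
    "ws-02": "Google Chrome 99.0.4844.82",    # two patch levels behind
    "ws-03": "Google Chrome 99.0.4844.9",     # as strings, "9" > "84"
    "ws-04": "Google Chrome 100.0.4896.60",   # as strings, "100" < "99"
    "ws-05": "Google Chrome 98.0.4758.102",   # older major version
    "ws-06": "command not found",             # collection failed
}

if __name__ == "__main__":
    for host in triage(SAMPLE):
        print(host, "->", SAMPLE[host].strip())
```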